Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-33525
CVE-2021-33525:
EyesOfNetwork vulnerability analysis and mitigation
Overview
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell (CVE Details).
Technical details
The vulnerability exists in the lilac/export.php file where the nagios_path parameter is not properly sanitized, allowing authenticated users to inject shell metacharacters. The attack can be executed by inserting command concatenation characters (&&) followed by arbitrary commands, which are then executed in the context of the web server (GitHub POC).
Impact
This vulnerability allows authenticated users to execute arbitrary commands on the affected system with web server privileges. This could lead to complete system compromise, data theft, or service disruption (CVE Details).
Mitigation and workarounds
The vulnerability was addressed in subsequent releases after version 5.3-11. Organizations should upgrade to a patched version of EyesOfNetwork. Additionally, access to the lilac/export.php endpoint should be strictly controlled (EON Release).
Additional resources
Source: This report was generated using AI
Related EyesOfNetwork vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management